


no enrypt-credentials


Encrypts all passwords and authentication keys in show commands.

The no form of this command removes encryption so that passwords and authentication keys are shown in plain text.

Command context



This example encrypts all credentials in show commands.

switch(config)# encrypt-credentials

	                              **** CAUTION ****
 	This will encrypt all passwords and authentication keys.

 	The encrypted credentials will not be understood by older software versions.
 	The resulting config file cannot be used by older software versions.
 	It also may break some of your existing user scripts.

 	Before proceeding, please save a copy of your current config file, and
 	associate the current config file with the older software version saved in
 	flash memory. See "Best Practices for Software Updates" in the Release Notes.

 	A config file with 'encrypt-credentials' may prevent previous software
 	versions from booting. It may be necessary to reset the switch to factory
 	defaults. To prevent this, remove the encrypt-credentials command or use
 	an older config file.
Save config and continue (y/n)? y

Switch(config)# tacacs-server key procurve

Switch(config)# show running-config

		Running configuration:

		; J9850A Configuration Editor; Created on release #KB.16.03.0000x
		; Ver #0f:7f.ff.bb.ff.7c.59.fc.7b.ff.ff.fc.ff.ff.3f.ef:45	
		; encrypt-cred 38qcQq/OETUfXNO7/eGOb5TgG3IBzILkhHOspcJkM2Y
		hostname "Switch-5406Rzl2"	
		module A type j9989a
		module F type j9534a
		tacacs-server encrypted-key "7ViIcKdWMqJzWKDn
		snmp-server community "public" unrestricted
   ip address dhcp-bootp
		vlan 1
   name "DEFAULT_VLAN"
   untagged A1-A24,F1-F24
   ip address dhcp-bootp

switch(config)# show tacacs

 	Status and Counters - TACACS Information

  	Deadtime(min) : 0
  	Timeout : 5
  	Source IP Selection : Outgoing Interface
  	Encryption Key : 82qT9SBeCEs7iUtT7jSp

  	Server IP Addr  Opens  Closes Aborts Errors Pkts Rx Pkts Tx OOBM
  	--------------- ------ ------ ------ ------ ------- ------- ----

Configured the TACACS+ key with encrypt-credentials.

Switch(config)# encrypt-credentials

                              **** CAUTION ****
 This will encrypt all passwords and authentication keys.

 The encrypted credentials will not be understood by older software versions.
 The resulting config file cannot be used by older software versions.
 It also may break some of your existing user scripts.

 Before proceeding, please save a copy of your current config file, and
 associate the current config file with the older software version saved in
 flash memory. See "Best Practices for Software Updates" in the Release Notes.

 A config file with 'encrypt-credentials' may prevent previous software
 versions from booting. It may be necessary to reset the switch to factory
 defaults. To prevent this, remove the encrypt-credentials command or use
 an older config file.

	Save config and continue (y/n)? y

Switch(config)# hide-sensitive-data

Switch(config)# tacacs-server key
	Enter key-str:  ********
	Re-enter key-str:  ********

Switch(config)# tacacs-server host key
	Enter key-str:  ********
	Re-enter key-str:  ********

Switch(config)# show include-credentials
	Stored in Configuration         : No
	Enabled in Active Configuration : N/A

Switch(config)# show encrypt-credentials
	Encryption    : Enabled
	Pre-shared Key: none

Switch(config)# show running-config

	Running configuration:

	; J9850A Configuration Editor; Created on release #KB.16.03.0000x	
	; Ver #0f:7f.ff.bb.ff.7c.59.fc.7b.ff.ff.fc.ff.ff.3f.ef:45	
	; encrypt-cred 38qcQq/OETUfXNO7/eGOb5TgG3IBzILkhHOspcJkM2Y/5JvgL27NSkoQGjVEPz5a	
	hostname "Switch-5406Rzl2"
	module A type j9989a
	module F type j9534a
	tacacs-server host encrypted-key
	tacacs-server encrypted-key "SV4/HLQCyOUoEspTiIEhsKPW21e6zfMDkJ1mdG8CrQc="
	snmp-server community "public" unrestricted
   ip address dhcp-bootp
	vlan 1
   name "DEFAULT_VLAN"
   untagged A1-A24,F1-F24
   ip address dhcp-bootp

Switch(config)# show tacacs

 Status and Counters - TACACS Information

  Deadtime(min) : 0
  Timeout : 5
  Source IP Selection : Outgoing Interface
  Encryption Key : gJ5AeXfDFHJqjOOgOaa+NAmzneHDqs/aMqQuWsW01Qs=

  Server IP Addr  Opens  Closes Aborts Errors Pkts Rx Pkts Tx OOBM
  --------------- ------ ------ ------ ------ ------- ------- ----       0      0      0      0      0       0       No